HP-UX Directory Server 8.1 console guide

6.4.2 Creating a password file for the Administration Server

Like the Directory Server, the Administration Server can use a password file during login when

TLS/SSL is enabled.

CAUTION:

This password is stored in clear text within the password file, so its usage represents a significant

security risk. Do not use a password file if the server is running in an unsecured environment.

1. Open the Administration Server configuration directory, /etc/opt/dirsrv/admin-serv.

2. Create a password file named password.conf. The file should include a line with the

token name and password, in the form token:password. For example:

internal:secret

For the NSS software crypto module (the default software database), the token is always

called internal.

The password file should be owned by the Administration Server user and set to read-only

by the Administration Server user, with no access to any other user (mode 0400).

NOTE:

To find out what the Administration Server user ID is, run grep in the Administration

Server configuration directory:

cd /etc/opt/dirsrv/admin-serv

grep \^User console.conf

3. In the /etc/opt/dirsrv/admin-serv directory, edit the nss.conf file to point to the

location of the new password file.

# Pass Phrase Dialog:

# Configure the pass phrase gathering process.

# The filtering dialog program (`builtin' is a internal

# terminal dialog) has to provide the pass phrase on stdout.

NSSPassPhraseDialog file://etc/opt/dirsrv/admin-serv/password.conf

4. Restart the Administration Server.

/opt/dirsrv/sbin/restart-ds-admin

6.4 Creating password files 77